- Give them the list of usernames and passwords
- Passwords should be put in a deny list
- Usernames should be reviewed for weak passwords
- Make sure users don’t register for websites with their work email unless they absolutely need to
- Haveibeenpwned.com subscription is good for proactive alerting of compromised corporate accounts
Search